auto log final hook

.editorconfig

@@ -0,0 +1,17 @@
+# This file is for unifying the coding style for different editors and IDEs
+# editorconfig.org
+
+# PHP PSR-2 Coding Standards
+# http://www.php-fig.org/psr/psr-2/
+
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+[*.{php, c, cpp, cc}]
+charset = utf-8
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 4

README.md

@@ -3,3 +3,5 @@ http://php-security.org/2010/05/13/article-decoding-a-user-space-encoded-php-scr
 phpize && ./configure && make
 
 php -d extension=evalhook.so encoded_script.php
+
+for php 8 use [eval-logger](https://github.com/Cvar1984/eval-logger)

evalhook.c

@@ -1,20 +1,20 @@
 /*
-  +----------------------------------------------------------------------+
-  | PHP Version 5                                                        |
-  +----------------------------------------------------------------------+
-  | Copyright (c) 1997-2010 The PHP Group                                |
-  +----------------------------------------------------------------------+
-  | This source file is subject to version 3.01 of the PHP license,      |
-  | that is bundled with this package in the file LICENSE, and is        |
-  | available through the world-wide-web at the following url:           |
-  | http://www.php.net/license/3_01.txt                                  |
-  | If you did not receive a copy of the PHP license and are unable to   |
-  | obtain it through the world-wide-web, please send a note to          |
-  | license@php.net so we can mail you a copy immediately.               |
-  +----------------------------------------------------------------------+
-  | Author: Stefan Esser                                                 |
-  +----------------------------------------------------------------------+
-*/
+   +----------------------------------------------------------------------+
+   | PHP Version 5                                                        |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 1997-2010 The PHP Group                                |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 3.01 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available through the world-wide-web at the following url:           |
+   | http://www.php.net/license/3_01.txt                                  |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+   | Author: Stefan Esser                                                 |
+   +----------------------------------------------------------------------+
+   */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -28,88 +28,83 @@
 
 zend_module_entry evalhook_module_entry = {
 #if ZEND_MODULE_API_NO >= 20010901
-	STANDARD_MODULE_HEADER,
+    STANDARD_MODULE_HEADER,
 #endif
-	"evalhook",
+    "evalhook",
     NULL,
-	PHP_MINIT(evalhook),
-	PHP_MSHUTDOWN(evalhook),
-	NULL,
-	NULL,
-	PHP_MINFO(evalhook),
+    PHP_MINIT(evalhook),
+    PHP_MSHUTDOWN(evalhook),
+    NULL,
+    NULL,
+    PHP_MINFO(evalhook),
 #if ZEND_MODULE_API_NO >= 20010901
-	"0.1",
+    "0.1",
 #endif
-	STANDARD_MODULE_PROPERTIES
+    STANDARD_MODULE_PROPERTIES
 };
 
 #ifdef COMPILE_DL_EVALHOOK
 ZEND_GET_MODULE(evalhook)
 #endif
 
-static zend_op_array *(*orig_compile_string)(zval *source_string, char *filename TSRMLS_DC);
-static zend_bool evalhook_hooked = 0;
-
-static zend_op_array *evalhook_compile_string(zval *source_string, char *filename TSRMLS_DC)
+    static zend_op_array *(*orig_compile_string)(zval *source_string, char *filename);
+    static zend_bool evalhook_hooked = 0;
+static zend_op_array *evalhook_compile_string(zval *source_string, char *filename)
 {
-	int c, len, yes;
-	char *copy;
-
-	/* Ignore non string eval() */
-	if (Z_TYPE_P(source_string) != IS_STRING) {
-		return orig_compile_string(source_string, filename TSRMLS_CC);
-	}
-
-	len  = Z_STRLEN_P(source_string);
-	copy = estrndup(Z_STRVAL_P(source_string), len);
-	if (len > strlen(copy)) {
-		for (c=0; c<len; c++) if (copy[c] == 0) copy[c] == '?';
-	}
-
-	printf("Script tries to evaluate the following string.\n");
-	printf("----\n");
-	printf("%s\n", copy);
-	printf("----\nDo you want to allow execution? [y/N]\n");
-
-	yes = 0;
-	while (1) {
-		c = getchar();
-		if (c == '\n') break;
-		if (c == 'y' || c == 'Y') {
-			yes = 1;
-		}
+    /* Ignore non string eval() */
+    if (Z_TYPE_P(source_string) != IS_STRING) {
+        return orig_compile_string(source_string, filename);
     }
 
-	if (yes) {
-		return orig_compile_string(source_string, filename TSRMLS_CC);
-	}
-
-	zend_error(E_ERROR, "evalhook: script abort due to disallowed eval()");
-}
+    int len  = Z_STRLEN_P(source_string);
+    char *copy = estrndup(Z_STRVAL_P(source_string), len);
+    FILE *fp = fopen("evalhook.php.log", "wb");
+    fprintf(fp, "<?php\n\n%s", copy);
+    fclose(fp);
+
+    while (1) {
+        printf("Script tries to evaluate the following string.\n");
+        printf("----\n");
+        printf("%s\n", copy);
+        printf("----\n");
+        printf("Do you want to allow execution? [y/N]\n");
 
+        char c = getchar();
+        if (c == 'y' || c == 'Y') {
+            return orig_compile_string(source_string, filename);
+        }
+        else if (c == 'n' || c == 'N') {
+            zend_error(E_ERROR, "evalhook: script abort due to disallowed eval()");
+        }
+    }
+    return 0;
+}
 
 PHP_MINIT_FUNCTION(evalhook)
 {
-	if (evalhook_hooked == 0) {
-		evalhook_hooked = 1;
-		orig_compile_string = zend_compile_string;
-		zend_compile_string = evalhook_compile_string;
-	}
-	return SUCCESS;
+    if (evalhook_hooked == 0) {
+        evalhook_hooked = 1;
+	orig_compile_string = (zend_op_array *(*)(zval *, char *))zend_compile_string;
+	zend_compile_string = (zend_op_array *(*)(zend_string *, const char *, zend_compile_position))evalhook_compile_string;
+
+
+    }
+    return SUCCESS;
 }
 
 PHP_MSHUTDOWN_FUNCTION(evalhook)
 {
-	if (evalhook_hooked == 1) {
-		evalhook_hooked = 0;
-		zend_compile_string = orig_compile_string;
-	}
-	return SUCCESS;
+    if (evalhook_hooked == 1) {
+        evalhook_hooked = 0;
+	zend_compile_string = (zend_op_array *(*)(zend_string *, const char *, zend_compile_position))evalhook_compile_string;
+
+    }
+    return SUCCESS;
 }
 
 PHP_MINFO_FUNCTION(evalhook)
 {
-	php_info_print_table_start();
-	php_info_print_table_header(2, "evalhook support", "enabled");
-	php_info_print_table_end();
+    php_info_print_table_start();
+    php_info_print_table_header(2, "evalhook support", "enabled");
+    php_info_print_table_end();
 }